Skip to main content

Gradient CI CVE-2026-44592

| EUVDEUVD-2026-30365 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-05-14 GitHub_M
9.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.4 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 14, 2026 - 19:30 vuln.today
CVE Published
May 14, 2026 - 18:39 nvd
CRITICAL 9.4

DescriptionGitHub Advisory

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has PeerAuth::Open, i.e. it sees jobs from every organisation, and can immediately NarPush/NarUploaded arbitrary store paths into nar_storage and the cached_path table. This vulnerability is fixed in 1.1.1.

AnalysisAI

Unauthenticated remote attackers can register rogue workers in Gradient CI 1.1.0 when GRADIENT_DISCOVERABLE is enabled (default configuration), gaining access to all organizational jobs and the ability to inject malicious build artifacts into shared storage. The attacker sends a fresh worker UUID to /proto endpoint, obtaining PeerAuth::Open privileges that bypass organization isolation. Vendor-released patch: version 1.1.1. CVSS 9.4 Critical with network vector and no authentication required. No active exploitation confirmed (not in CISA KEV), but EPSS data unavailable for this 2026 CVE ID.

Technical ContextAI

Gradient is a Nix-based continuous integration system designed for reproducible builds using the Nix package manager. The vulnerability exists in the worker registration protocol accessible via the /proto endpoint. When GRADIENT_DISCOVERABLE=true (default in both standalone deployments and the NixOS module), the system accepts worker registrations without credential verification. The root cause is CWE-306 (Missing Authentication for Critical Function) - the worker registration handshake fails to authenticate clients before granting PeerAuth::Open session privileges. Once registered, a rogue worker can invoke NarPush/NarUploaded operations to write arbitrary Nix Archive (NAR) files into the shared nar_storage backend and populate the cached_path database table with attacker-controlled store paths. This breaks the trust boundary between organizations in multi-tenant deployments and enables supply chain attacks by poisoning the Nix store cache with malicious build artifacts.

RemediationAI

Upgrade immediately to Gradient CI version 1.1.1, which implements authentication for worker registration. For organizations unable to upgrade immediately, set GRADIENT_DISCOVERABLE=false in configuration to disable unauthenticated worker discovery, though this may impact legitimate worker auto-registration workflows and require manual worker provisioning. For NixOS module users, override the default by explicitly setting services.gradient.discoverable = false. As additional defense-in-depth, restrict network access to the /proto endpoint using firewall rules or reverse proxy ACLs to allow connections only from known worker IP ranges, though this is a compensating control and not a substitute for patching. Organizations running 1.1.0 should audit cached_path table and nar_storage for unauthorized entries created between deployment and patch application, and review build logs for jobs executed by unrecognized worker UUIDs. Vendor advisory with full details: https://github.com/wavelens/gradient/security/advisories/GHSA-49w6-gf3p-96m2.

Share

CVE-2026-44592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy